Work with Vulnerabilities
InsightAppSec allows you to view your vulnerabilities at the Organization level, the App level, or the Scan level. The organizational view can be seen by clicking on the All Vulnerabilities tab on the left navigation bar. If you are viewing a specific app, the Vulns tab will show you all the vulnerabilities for that app, while clicking on a scan from the Scans tab will show you all the vulnerabilities found in that particular scan.
From the All Vulnerabilities screen, you can use the filtering capability to focus on certain vulnerabilities, for example, high severity vulnerabilities in your banking app. InsightAppSec comes with two filters by default: High or Medium Severity vulnerabilities and Unreviewed High Severity vulnerabilities.
A search filter allows you to choose the attributes of the assets that you are interested in. You can add multiple filters for more precise searches. A filter is made by comparing certain properties of vulnerabilities to a value or regular expression using one of the following operators:
- = (equals)
- != (does not equal)
- does not contain
- starts with
- ends with
- Like (regular expression)
- is null
- is not null
You can combine filters using the AND operator so that the search result set contains only the vulnerabilities that meet all of the criteria in all of the filters (leading to a smaller result set). Or you can combine filters using the OR operator so that the search result set contains vulnerabilities that meet any of the criteria in any given filter (leading to a larger result set).
A circle on the left side of each filter indicates whether the expression in the field is valid. If the circle is red, your filter is incomplete or incorrect.
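As an added example (not InsightAppSec's own code or API), the following Python models the filter operators and the AND/OR combination described above and applies them to constructed vulnerability records; the field names, operator semantics for missing values, and the sample findings are assumptions for illustration.

```python
import re
from typing import Any, Callable

# Added example, not InsightAppSec code. Operators are those listed on this page.
# A missing (null) field only matches "is null" and "!=" ; string operators treat
# a null field as no match (assumed behaviour, chosen for this illustration).
OPERATORS: dict[str, Callable[[Any, Any], bool]] = {
    "=":                lambda a, b: a == b,
    "!=":               lambda a, b: a != b,
    "does not contain": lambda a, b: a is not None and b not in str(a),
    "starts with":      lambda a, b: a is not None and str(a).startswith(b),
    "ends with":        lambda a, b: a is not None and str(a).endswith(b),
    "like":             lambda a, b: a is not None and re.search(b, str(a)) is not None,
    "is null":          lambda a, b: a is None,
    "is not null":      lambda a, b: a is not None,
}

def matches(record: dict, field: str, op: str, value: Any = None) -> bool:
    """Evaluate one filter (field <op> value) against a single record."""
    try:
        test = OPERATORS[op.lower()]
    except KeyError:
        raise ValueError(f"unsupported operator: {op!r}")
    return test(record.get(field), value)

def search(records: list[dict], filters: list[tuple], combine: str = "AND") -> list[dict]:
    """AND: keep records satisfying every filter; OR: keep records satisfying any filter."""
    join = all if combine.upper() == "AND" else any
    return [r for r in records if join(matches(r, *f) for f in filters)]

# Constructed sample findings (field names assumed), not real scan output.
VULNS = [
    {"id": "a1", "app": "banking", "severity": "HIGH",   "status": "UNREVIEWED", "url": "https://bank.example/login",        "parameter": "user"},
    {"id": "b2", "app": "banking", "severity": "MEDIUM", "status": "VERIFIED",   "url": "https://bank.example/api/transfer", "parameter": None},
    {"id": "c3", "app": "blog",    "severity": "HIGH",   "status": "UNREVIEWED", "url": "https://blog.example/post?id=1",    "parameter": "id"},
    {"id": "d4", "app": "blog",    "severity": "LOW",    "status": "IGNORED",    "url": "https://blog.example/",             "parameter": None},
]

def unreviewed_high(records: list[dict]) -> list[str]:
    """The default 'Unreviewed High Severity' filter: two conditions joined with AND."""
    return [r["id"] for r in search(records, [("severity", "=", "HIGH"), ("status", "=", "UNREVIEWED")], "AND")]

def high_or_medium(records: list[dict]) -> list[str]:
    """The default 'High or Medium Severity' filter: two conditions joined with OR."""
    return [r["id"] for r in search(records, [("severity", "=", "HIGH"), ("severity", "=", "MEDIUM")], "OR")]

if __name__ == "__main__":
    print(unreviewed_high(VULNS), high_or_medium(VULNS))
```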
Clicking on any vulnerability will display the vulnerability details in a panel on the right side of your screen. The top row in the panel displays general details about the vulnerability such as the name and severity of the underlying attack, the review status of the vulnerability, and the time of its first and last appearance. You can also change the severity and status of the vulnerability in this area.
- App - Link to the app where the vulnerability was found.
- ID - A unique hexadecimal identifier for this instance of the vulnerability.
- JIRA - An indicator of whether this instance of the vulnerability has been exported to JIRA or not.
- URL - The URL of the web resource where this vulnerability was found.
- Parameter - The HTTP request parameter that was used for this attack.
- Method - The HTTP method, GET or POST, that was used to carry out this attack.
The Attack Information section provides details about the vulnerability and recommendations on how to solve it. You will also find links to references from industry-standard councils such as NIST, OWASP, and DISA, which you can use to gather more information about the vulnerability.
InsightAppSec may attempt multiple variations of the same attack on a URL to ensure the security of your applications against a variety of attacks. For example, you may have protected your application against certain special characters in web forms, but not others. The Attack Variances section contains multiple tabs for each variation of an attack attempted by InsightAppSec.
- Attack Variance - An attack can have more than one variation. Each attack variance will be listed next to Attack Variance and will be added as a tab next to Attack 1.
- Attack Type - The type of attack used against the application.
- Original Value - The original non-malicious value of the parameter, which is used to observe the normal behavior of the app.
- Attack Value - A specially crafted value which is supposed to make the app behave abnormally.
- Description - Description of the variation of the attack being attempted.
- Replay Attack - Replay the attack using the Rapid7 AppSec Plugin for Chrome browsers.
- Error - The error message from the application, or a description of the error encountered by the app.
- Error Description - A longer description of the error.
- Original Traffic - A snapshot of the HTTP request sent to the app and the response received in the normal case.
- Attack Traffic - A snapshot of the HTTP request sent with the attack value in the parameter, and the resulting response.
A table lists all the scans in which this vulnerability has been found in your environment.
The Change History shows the time a change was made on a vulnerability, the event, and which user made the change.
Events that trigger a change:
- Status updates
- Severity changes